mobile security trends

Download Mobile security trends

If you can't read please download the document

Post on 13-Apr-2017

2.144 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

Slide 1

Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World

Ken Huang & James HewittHDI Executive Forum | June 22, 2011

_experience the commitment TM

1

About CGIFull Service IT companyManaged service, BPOIP based Business SolutionsSI&CCloud and Mobile Computing: Cloud IT servicesCloud security services

Approximately 31,000 professionals worldwide

Total Revenue: $4.5 Billion.

2

2

Who Are We?Ken HuangDirector of Security EngineeringCloud/Mobile SecurityST&EIDAME-Signature, etc.Frequent SpeakerBlog: http://cloud-identity.blogspot.com/Linkedin: www.linkedin.com/in/kenhuang8Twitter: http://twitter.com/#!/kenhuangusJames HewittDirector of Security GovernanceCISOST&EDatabase SecurityFrequent SpeakerLinkedin: http://www.linkedin.com/pub/jim-hewitt/0/6ab/552

3

3

TopicsMobile Technology and TrendsMobile Application and TrendsMobile Security and TrendsData Loss Prevention for Mobile Devices and TrendsDiscussion Topics

4

4

Mobile Technology and TrendsTechnologyTrendsWi-FiMore Wi-Fi hotspots will be addedWi-Fi still plays a huge role in WLAN3G & 4G3G will gradually phase out4G networks will increase, as it is a major competing ground for carriers to attract new customersBluetoothWill continue to be used to connect personal network devicesNFCWill gain more momentum for payment, ticketing, and check-in devices

5

5

Mobile Technology and TrendsTechnologyTrendsWiMAX (Worldwide Interoperability for Microwave Access)SprintWiMAX and LTE are the winners3GPP LTE (3rd Generation Partnership Project Long Term Evaluation)AT&TVerizon WirelessUMB (Ultra Mobile Broadband)Being replaced by LTEFlash-OFDM (Fast Low-Latency Access with Seamless Handoff Orthogonal Frequency Division Multiplexing)T-Mobile Germany

6

6

3G vs 4G Networks3G4GDSL speedsWired network speedsMax speed up to 3.1 MbpsMax speed up to 100+ MbpsIncludes all 2G and 2.5G features plus:Real-time location-based servicesFull motion videosStreaming music3D gamingFaster web browsingIncludes all 3G features plus:On-demand videoVideo conferencingHigh-quality streaming videoHigh-quality Voice-over-IP (VoIP)Added security featuresTrends: 4G will be the winner

7

7

WiMAX vs. Wi-FiWiMAXWi-FiSpeedUp to 4 MbpsUp to 2 MbpsBandwidthUp to 75 MbpsUp to 54 MbpsRange30 miles (50 km)100 feet (30 m)Intended Number of Users100+20Quality of ServiceWeaker encryption (WEP or WPP)Stronger encryption (TDES or AES)Trends: Both WiMAX and Wi-Fi will co-exist for the foreseeable future

8

8

NFCBased on RFID Technology at 13.56 MHzOperating distance typically up to 10 cmCompatible with todays field-proven contactless RFID technologyData exchange rate today up to 424 kilobits/sUses less power than BluetoothDoes not need pairingTrends: NFC will get wider use due to payment and ticketing apps

9

9

Mobile Application TrendsPaymentUsing your phone to pay will become a realityFederal Government AdoptionMobile apps will become more widely usedCloud and Mobile ComputingDuring an appearance in Silicon Valley, Aneesh Chopra, the nations first-ever CTO, acknowledged the inevitable emergence of cloud and mobile as solutions for the federal government, but sees them as supplementing, rather than replacing, legacy systemsTransportation Department gets $100 million for mobile apps

10

10

Mobile Application Trends (cont.)Federal Government Adoption (cont.)FBI most wanted listing app on iPhoneIRS check refund statusThe White House mobile app news, videos, podcasts, blogs, etc.Productivity toolMobile apps will become more mature over timeBankingCheck balances, transfer funds, etc.11

11

Mobile Application Trends (cont.)EntertainmentVideos, gaming, etc.Social networkingFacebookTwitterFoursquareLinkedinAny new apps?

ActivistsCollective bargaining and strikesOtherPrice comparison for various products12

12

Wi-Fi Security TrendsUse a strong passwordDont broadcast your SSIDUse good wireless encryption (WPA, not WEP)Use another layer of encryption when possible (e.g. VPN, SSL)Restrict access by MAC addressShut down the network and wireless network when not in useMonitor your network for intrudersUse a firewallTrends: More Wi-Fi hotspots (but more attacks on hotspots as well) avoid free Wi-Fi whenever possible; Wi-Fi-enabled mobile devices can become the stepping stone to your secured network

13

WPA: Wi-Fi Protected AccessWEP: Wired Equivalent Privacy13

4G Security TrendsBackward compatibility to 3G or GSM capabilities exposes 4G to 3G and GSM security vulnerabilities4G also has a roaming vulnerability associated with mutual authentication: a fake network can easily claim to be a roaming partnerTrends: More bandwidth comes with a greater possibility of being attacked

14

14

Bluetooth Security TrendsBluejackingSending either a picture or a message from one user to an unsuspecting user through Bluetooth wireless technology.DoS AttacksEavesdroppingMan-in-the-middle attacksMessage modificationNIST published a Guide to Bluetooth Security in 2008

Trends: Dependent on new apps on bluetooth I dont see any significant increase in attacks on bluetooth

15

15

NFC Security TrendsGhost and Leech AttackHackers RFID reader steals or transmits credentials to a fake RFID cardEavesdroppingHacker must have a good receiver and stay closeTo avoid this, use a secure channel as compensating controlData CorruptionJams the data so that it is not readable by the receiverCheck RF field as compensating control.16

16

NFC Security Trends (cont.)Data ModificationChanges the semantics of the dataUse secure channel

Trends: iPhones, iPads, and iPods will have NFC; Secure channels for NFC; Payments through smartphones will replace plastic cards and keys; Google Wallet and the security

17

17

Attack on the appCurrently, Androids are the target due to Googles loose vetting processAccording to USA Today (June 5, 2011), Google had to remove 25 apps from the Android market, but not before 125,000 users have downloaded the apps1These apps allow hackers to download more malicious programs when the user makes phone callsiPhones and iPads are lightly hacked but will become targets in the futureTrends: Apps will be more vulnerable to attacks in the future

1 http://www.usatoday.com/tech/products/2011-06-03-tougher-security-sought-in-google-apple-devices_n.htm 18

18

Data Protection for Mobile Device and TrendsFile-level encryption (PocketCrypt or PointSafe)Encryption of data in the transitRemote data wipe-outDevice trackingData backup (Cloud Storage As Service)Mobile Device Management (MDM)- Example GSA use Fiberlink.Trends: Currently, the market is very fragmented, and consolidation will take place over the time.

19

19

Gartner Predications2014 will witness over 3 billion mobile users worldwide

Mobiles phones will become the preferred and most commonly used web device globally by 2013.

As a result, a large number of mobile applications will be built for multiple platforms (Android, J2ME, Symbian, iOS, etc.) and domains (mobile payments, mobile, commerce, mobile VAS, etc.).20

20

Do Cell Phones Cause Cancer?According to an article in the HuffingtonPost (June 1, 2011):The World Health Organization announced that cell phones could possibly cause cancer.The WHOs cancer research arm, the International Agency for Research on Cancer, classifies cell phones as a class 2b possible carcinogen. The IARC also identified known as well as probable carcinogens, including a few others which some of us come into contact with on a regular basis. 1CNN link: http://www.cnn.com/2011/HEALTH/05/31/who.cell.phones/index.html

1 http://www.huffingtonpost.com/2011/05/20/cell-phone-radiation_n_864799.html21

21

Topics for discussionWhat is the security policy for mobile technology in your organization?How can data be protected?Data encryption for mobile deviceData Loss Prevention for mobile technologyMobile technology and cloud computingTrends on Telecommuting or telework

22

22